package com.xiangxiao.rpan.authority.oauth;

import com.google.gson.Gson;
import com.xiangxiao.rpan.authority.constant.ResponseCode;
import com.xiangxiao.rpan.authority.dto.JsonObject;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @auther xiangxiao
 * @email 573768011@qq.com
 * @data 2023/3/21 19:45
 */
/**
 * AccessDeniedHandler 接口是 Spring Security 中用于处理访问被拒绝（Access Denied）的情况的接口。
 * 当经过身份验证的用户尝试访问某个受保护的资源，但由于其角色或权限不足而被拒绝访问时，
 * AccessDeniedHandler 接口的实现类将会被调用，允许应用程序自定义如何处理这种访问拒绝的情况。
 * */
public class LocalAccessDeniedHandler implements AccessDeniedHandler {
  @Override
  public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException, IOException {
    JsonObject object = new JsonObject();
    object.setRespMessage("无权限操作");
    object.setRespCode(ResponseCode.NO_ACCESS);

    Gson gson = new Gson();
    response.setContentType("application/json;charset=utf-8");
    response.getWriter().write(gson.toJson(object));
  }
}
